+1 ... and honestly, this is why I stopped using Regulator...
I've been running as a normal Domain User for about 6 months now. It took a little while at first, but I've gotten used to it. You'll quickly come to use the RunAs shell function, as well as the runas console command frequently.
One thing that has surprised me however is the amount of product out there that require Administrative privs even to run.
The coolest thing about not running as an admin? I've got four boxes on my home active directory, a server, desktop, and two laptops. Nobody's account has admin privs, and the only time I ever log in as admin is when I need to do something on the server or change hardware. And you know what? In the past 6 months, we have not been hit *once* by spyware ( at least as far as I can tell ) or viruses.
Yeah, it's a good idea, I just can't bring myself to pull the trigger on this.
It's also one of the last great divides between the UNIX world (where they've always done this) and the Windows world (where we've almost never done it).
They are right, though: "security" is a joke until you do this.
I think you've asked the wrong question. The question you should be asking is how many of the Regulator's users should be running as non-admin. The correct answer to that question is very near 100%. Every developer tool and utility that requires admin privileges for non-Admin work is in some small way responsible for the current morass we're in. End users depend on us to the do the right thing.
Hey Roy, long time reader, first time poster. Love your blog.
I agree with John. Someone as yourself who seems dedicated to doing the Right Thing in all aspects of development needs to do this right, as well. The MakeMeAdmin script is about the simplest way to get there, but even using RunAs is not so complicated that any developer has an excuse.